With rapid development of communications technologies, some security-related processes appear in a Long Term Evolution (LTE) network. The processes specifically include a counter check process and a reconfiguration process. The counter check process is mainly that an existing network requires a terminal to check an amount of data sent or received on each data radio bearer (DRB), so as to detect whether an intruder inserts a data packet between the network and the terminal. The reconfiguration process is mainly that the existing network notifies the terminal of a security algorithm to be used, so as to trigger an update of an algorithm and a key of the terminal. Each DRB is a radio bearer that is established according to a service requirement of a user, and used to transmit data of the user.
In the prior art, the counter check process and reconfiguration process are jointly completed by a base station and a terminal. When a counter check is required, the base station sends counter check information to the terminal, where the information includes an identity of a DRB. According to the identity of the DRB, the terminal compares first 25 bits of an uplink count value of the DRB with first 25 bits of an uplink count value of a corresponding DRB maintained by the terminal itself; and compares first 25 bits of a downlink count value of the DRB with first 25 bits of a downlink count value of the corresponding DRB maintained by the terminal itself. When at least one result of the results of the two comparisons is different, the terminal sends counter check response information to the base station. When a reconfiguration is required, the base station sends reconfiguration information to the terminal. The terminal communicates with the base station according to a security algorithm in the reconfiguration information, and sends reconfiguration complete information to the base station.
However, the counter check process and reconfiguration process in the prior art are not applicable to a new network architecture. In the new network architecture, a base station that maintains a count value is different from a base station that executes a counter check process. In addition, a base station that performs secure communication with a terminal is also different from a base station that executes a reconfiguration process. The base station that maintains the count value is a secondary base station. The base station that executes the counter check process is a primary base station. The base station that actually performs secure communication with the terminal is the secondary base station. The base station that executes the reconfiguration process is the primary base station. If the counter check process in the prior art is applied to the new network architecture, the primary base station cannot execute the counter check process because count-related information cannot be obtained. If the reconfiguration process in the prior art is applied to the new network architecture, the secondary base station cannot perform normal communication with the terminal because security-related information cannot be obtained.